This is just a quick one but it’s something I forget every time and always forget where to look. I deal with lots of Java software at work and on our development network we have our own self-signed SSL certificate which we use for self-hosted internal tools. This can cause issues when bits of Java software need to communicate with those self-signed SSL using tools. This post is here to explain my common use-case and a common pitfall I have when doing it.…

Until recently I had heard of security flaw finding competitions and websites and assumed they were only for the hacker elite. As someone who spends his days creating software I’d not really looked in to them, thinking that I wouldn’t be able to find anything that hadn’t been found before. However thanks to a bit of serendipity and some great people working on support I managed to report a security vulnerability and earn myself some money through a website called Bugcrowd as well as getting an extra bonus for finding the issue during OWASP Bug Week 2014.…